-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path.gitlab-ci.yml
More file actions
41 lines (38 loc) · 1 KB
/
.gitlab-ci.yml
File metadata and controls
41 lines (38 loc) · 1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
stages:
- sbom
- security-scan
## -------------- Security Pipeline ---------------- ##
sbom-creation:
stage: sbom
rules:
- if: $CI_PIPELINE_SOURCE == "web"
when: manual
- if: $CI_COMMIT_REF_NAME =~ $CI_DEFAULT_BRANCH
when: always
image:
name: ${DEFAULT_IMAGE}:develop
entrypoint: ['']
script:
- uv pip install cyclonedx-bom
- uv export --all-extras --no-dev --no-group test --no-group docs --link-mode=copy --format requirements.txt | cyclonedx-py requirements - > sbom.cyclonedx.json
artifacts:
paths:
- sbom.cyclonedx.json
expire_in: 1 days
security-scan:
stage: security-scan
needs:
- sbom-creation
trigger:
include:
- project: $SECURITY_PIPELINE_PROJECT
file: security_pipeline.yaml
ref: $SECURITY_PIPELINE_REF
forward:
pipeline_variables: true
yaml_variables: true
rules:
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
when: always
- if: $CI_PIPELINE_SOURCE == "web"
when: always